- December 8, 2015 security update (KB3114351) for Microsoft Lync 2013 (Skype for Business)
- December 8, 2015 security update (KB3114372) for Skype for Business 2016
In these environments, a Lync 2013 or Skype for Business client uses the correct proxy settings to sign in to Office 365 by using Microsoft Online Services Sign-In Assistant (MOS SIA) Identity Client Runtime Library (IDCRL). However, in some environments in which Lync 2013 or Skype for Business client is running behind two or more proxies, Skype for Business can choose the wrong proxy settings for IDCRL to use. This may block the authentication or otherwise require additional proxy authentication. To resolve this situation, you can use this GPO setting to resolve the authentication issues.
How to locate the GPO setting
For Lync 2013 (Skype for Business 2015)
How the GPO setting works
- First bit (0x1)
- When it isn't set: Use named HTTP proxy from Internet Explorer.
- When it's set: Disable named proxy usage from Internet Explorer.
- Second bit (0x2)
- When it isn't set: Use the HTTP proxy that's used for SIP over HTTPS as the named proxy for IDCRL.
- When it's set: Do not use the HTTP proxy that's used for SIP over HTTP.
- If the second bit is not set, the HTTP proxy from SIP detection might be used as an alternative proxy.
- Third bit (0x4)
- When it isn't set: Share the HTTP proxy credentials that are collected by Lync 2013 or Skype for Business clients with IDCRL.
- When it's set: Do not share the proxy credentials with IDCRL.
- Setting this bit can cause IDCRL to fail if proxy credentials are required by local proxy.
- Other bits are reserved for future use and must be set to 0!
The examples of the GPO settings
- When the value of the new GPO is set to 0 (the default value), MOS SIA uses either the named proxy or the proxy that's used by SIP over HTTPS, and it shares proxy credentials.
- When the value of the new GPO is set to 1, MOS SIA disables the named proxy, but uses the SIP over HTTPS proxy if this is detected, and shares the HTTP Proxy credentials if they are available to Lync 2013 or Skype for Business clients. (That is, it reverts to the legacy behavior the previous KB 3040493.)
- When the value of the new GPO is set to 3, MOS SIA disables sharing of both named proxy and SIP over HTTPS proxy with IDCRL, but enables sharing of proxy credentials that are collected by Lync 2013 or Skype for Business clients with IDCRL.
- When the value of the new GPO is set to 7, MOS SIA completely disables the proxy control by Lync 2013 or Skype for Business clients, and fully relies on IDCRL library logic to auto-detect and authenticate against the HTTP proxy.